0,0 → 1,61 |
Description: Modify lsh-krb-checkpw to work with MIT Kerberos instead of Heimdal. |
Building with the latest release of Heimdal (as of February 2016) |
fails and their maintainers want to orphan it. |
Bug: https://bugs.debian.org/812813 |
|
--- a/configure.ac |
+++ b/configure.ac |
@@ -475,7 +475,7 @@ if test x$enable_kerberos = xyes; then |
LSH_CHECK_KRB_LIB(asn1, der_get_octet_string) |
# Check for krb5_cc_gen_new too? |
# krb5_verify_user_lrealm seems to be unique to heimdal |
- LSH_CHECK_KRB_LIB(krb5, krb5_verify_user_lrealm,, [enable_kerberos=no]) |
+ LSH_CHECK_KRB_LIB(krb5, krb5_get_init_creds_password,, [enable_kerberos=no]) |
fi |
|
AH_TEMPLATE([WITH_KERBEROS], [For kerberos]) |
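Review bot: The context comment `# krb5_verify_user_lrealm seems to be unique to heimdal` is left in place directly above a probe that no longer tests for that symbol, so it now misdescribes the check. I would replace it with something like `# krb5_get_init_creds_password is provided by MIT Kerberos`. The `LSH_CHECK_KRB_LIB(asn1, der_get_octet_string)` probe above it also looks Heimdal-specific; what that macro does on failure is not visible here, so it is worth confirming that it does not break an MIT-only build.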
--- a/src/lsh-krb-checkpw.c |
+++ b/src/lsh-krb-checkpw.c |
@@ -97,6 +97,8 @@ main(int argc, char **argv) |
krb5_context context; |
krb5_ccache ccache; |
krb5_principal p; |
+ krb5_creds creds; |
+ krb5_principal server; |
char *name; |
char *pw; |
|
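Review bot: `krb5_principal server;` is added without an initializer, and the later hunk in this file passes it to `krb5_verify_init_creds` without any visible assignment, so the call reads an indeterminate pointer. Declare it as `krb5_principal server = NULL;` (MIT documents a NULL server as "use the default host principal"), or drop the variable and pass `NULL` at the call site. `ccache` also stays declared although the later hunk comments out its only visible use. `main` starts and ends outside this hunk.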
@@ -121,18 +123,31 @@ main(int argc, char **argv) |
if (krb5_init_context (&context)) |
die("krb5_init_context failed."); |
|
- if (krb5_make_principal(context, &p, NULL, name, NULL)) |
- die("krb5_make_principal failed."); |
+ if (krb5_parse_name(context, name, &p)) { |
+ die("krb5_parse_name failed."); |
+ } |
+ |
+ if (krb5_get_init_creds_password(context, &creds, p, pw, |
+ NULL, NULL, 0, NULL, NULL)) { |
+ die("krb5_get_init_creds_password failed."); |
+ } |
+ |
+ if (krb5_verify_init_creds(context, &creds, server, |
+ NULL, NULL, NULL)) { |
+ die("krb5_verify_init_creds failed"); |
+ } |
|
if (!krb5_kuserok(context, p, name)) |
die("krb5_kuserok doesn't know the user."); |
|
+ /* |
if (krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache)) |
die("krb5_cc_gen_new failed."); |
|
if (krb5_verify_user_lrealm(context, p, ccache, pw, TRUE, NULL)) |
die("krb5_verify_user_lrealm failed."); |
|
+ */ |
/* Authentication successful. */ |
|
/* TODO: Keep the credential cache in some way. Perhaps write it to |
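Review bot: `krb5_verify_init_creds` is called with a NULL keytab and NULL options. With MIT Kerberos, whether that call fails when no usable keytab key exists depends on `verify_ap_req_nofail` in krb5.conf, and the default lets it succeed without verifying the KDC. The removed Heimdal call passed `TRUE` in what appears to be its `secure` argument, so this password checker may now accept a reply from a spoofed KDC on hosts without a host keytab. I would pass an options struct with ap_req_nofail set so that the check fails closed, pass `NULL` for the server argument (which the visible lines never assign), and release `creds` with `krb5_free_cred_contents` after verification. The commented-out Heimdal block would be better deleted than kept as dead code. `main` continues outside this hunk.

```c
/* … unchanged: krb5_init_context, krb5_parse_name, krb5_get_init_creds_password … */

  krb5_verify_init_creds_opt vopt;
  krb5_verify_init_creds_opt_init(&vopt);
  /* Fail closed when no usable keytab key is available. */
  krb5_verify_init_creds_opt_set_ap_req_nofail(&vopt, 1);

  if (krb5_verify_init_creds(context, &creds, NULL,
                             NULL, NULL, &vopt)) {
    die("krb5_verify_init_creds failed");
  }
  krb5_free_cred_contents(context, &creds);

/* … unchanged: krb5_kuserok check … */
```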